Time is of essence for tech crime investigators

TRACING CYBERCRIME: The crime scene is in the virtual world, and the culprit is hiding behind a keyboard. (Investigators obtain system logs from the victims and suspects, so) we can see where the hacker came in from, what he did to the system and how
TRACING CYBERCRIME: The crime scene is in the virtual world, and the culprit is hiding behind a keyboard. (Investigators obtain system logs from the victims and suspects, so) we can see where the hacker came in from, what he did to the system and how he escaped." - SUPERINTENDENT SOO LAI CHOON, on what technology crime investigators do.

Just as how police officers look for clues at a crime scene to locate offenders in the real world, technology crime investigators scour devices and scope the Internet to look for digital signifiers that help them identify perpetrators.

Superintendent Soo Lai Choon, who runs the police's technology crime investigation branch, said: "The crime scene is in the virtual world, and the culprit is hiding behind a keyboard."

Investigators obtain system logs from the victims and suspects, so "we can see where the hacker came in from, what he did to the system and how he escaped".

He added: "On TV shows, investigators click to find an IP address - click, click, click - and they find the accused's location and subscriptions. In real life, it is not as fast."

For one thing, investigators have to collect evidence and duplicate - or image, as Supt Soo calls it - the data in order not to tamper with evidence. "I may have to do some analysis before I can get the IP address," he said, adding that the trail continues from there.

IP addresses help investigators find out the devices' physical location. Investigators can then determine who has access to it.

That is why it helps if victims report crimes as quickly as possible. "Digital evidence can be erased easily," Supt Soo said.

Besides time, the borderless nature of online crimes also requires officers to work with partners both local and abroad.

For example, when his unit was working on "The Messiah" case, it had to enlist the help of the Malaysian police when investigators found out that the hacker was working out of an apartment in Kuala Lumpur.

The Messiah was a pseudonym for James Raj Arokiasamy, who, in 2013, hacked into several servers hosting websites owned by Ang Mo Kio Town Council, The Straits Times and Sun Ho, the wife of City Harvest Church's founder Kong Hee. In 2015, James Raj got four years and eight months in jail.

While Supt Soo's unit works mostly with devices, investigators do run into physical danger.

In September, a 25-year-old cook who logged into his girlfriend's Facebook account and posted a nude photo of her was jailed for six years and two months, and given six strokes of the cane, for several offences including violating CMCA, cheating and drug possession.

His litany of crimes included causing grievous hurt by slashing an officer from the tech crime unit.

Supt Soo said: "There are real risks when you handle criminals, regardless of the crime that you are handling. Any type of criminal, any type of case, can turn violent."

Aw Cheng Wei

A version of this article appeared in the print edition of The Straits Times on December 04, 2017, with the headline 'Time is of essence for tech crime investigators'. Print Edition | Subscribe